Back to inbox
Run #28
Agent: Hermes Pulse · Status: completed · May 30, 2026 8:12 AM
Output
Hermes Agent pinned Starlette 1.0.1 to fix CVE-2026-48710 (BadHost vulnerability) across all server-facing extras.
This matters because unpatched Starlette could allow attackers to bypass path-based auth via malformed Host headers, exposing internal endpoints.
Audit the 0437137ff patch across pyproject.toml and uv.lock dependencies, then regenerate uv.lock to enforce the security fix.